package com.z.system.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.HashMap;
import java.util.Map;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.tags.Tag;

/**
 * 权限测试控制器，用于验证系统权限认证功能是否正常工作
 */
@RestController
@RequestMapping("/api/permission/test")
@Tag(name = "权限测试", description = "权限认证功能测试接口")
public class PermissionTestController {
    
    /**
     * 公开访问的端点，不需要任何权限
     */
    @GetMapping("/public")
    @Operation(summary = "公开端点", description = "不需要任何权限即可访问的测试端点",
               responses = @io.swagger.v3.oas.annotations.responses.ApiResponse(
                   responseCode = "200", description = "成功响应",
                   content = @Content(schema = @Schema(implementation = Map.class))))
    public Map<String, Object> publicEndpoint() {
        Map<String, Object> result = new HashMap<>();
        result.put("success", true);
        result.put("message", "这是一个公开访问的端点，不需要任何权限");
        return result;
    }
    
    /**
     * 需要认证才能访问的端点，但不需要特定权限
     */
    @GetMapping("/authenticated")
    @Operation(summary = "认证端点", description = "需要登录认证才能访问的测试端点",
               responses = @io.swagger.v3.oas.annotations.responses.ApiResponse(
                   responseCode = "200", description = "成功响应",
                   content = @Content(schema = @Schema(implementation = Map.class))))
    public Map<String, Object> authenticatedEndpoint() {
        Map<String, Object> result = new HashMap<>();
        result.put("success", true);
        result.put("message", "这是一个需要登录认证才能访问的端点");
        return result;
    }
    
    /**
     * 需要role:view权限才能访问的端点
     */
    @PreAuthorize("hasAuthority('role:view')")
    @GetMapping("/role/view")
    @Operation(summary = "role:view权限测试", description = "需要role:view权限才能访问的测试端点",
               responses = @io.swagger.v3.oas.annotations.responses.ApiResponse(
                   responseCode = "200", description = "成功响应",
                   content = @Content(schema = @Schema(implementation = Map.class))))
    public Map<String, Object> roleViewEndpoint() {
        Map<String, Object> result = new HashMap<>();
        result.put("success", true);
        result.put("message", "权限认证成功！您拥有role:view权限");
        return result;
    }
    
    /**
     * 需要role:create权限才能访问的端点
     */
    @PreAuthorize("hasAuthority('role:create')")
    @GetMapping("/role/create")
    @Operation(summary = "role:create权限测试", description = "需要role:create权限才能访问的测试端点",
               responses = @io.swagger.v3.oas.annotations.responses.ApiResponse(
                   responseCode = "200", description = "成功响应",
                   content = @Content(schema = @Schema(implementation = Map.class))))
    public Map<String, Object> roleCreateEndpoint() {
        Map<String, Object> result = new HashMap<>();
        result.put("success", true);
        result.put("message", "权限认证成功！您拥有role:create权限");
        return result;
    }
    
    /**
     * 需要role:update权限才能访问的端点
     */
    @PreAuthorize("hasAuthority('role:update')")
    @GetMapping("/role/update")
    @Operation(summary = "role:update权限测试", description = "需要role:update权限才能访问的测试端点",
               responses = @io.swagger.v3.oas.annotations.responses.ApiResponse(
                   responseCode = "200", description = "成功响应",
                   content = @Content(schema = @Schema(implementation = Map.class))))
    public Map<String, Object> roleUpdateEndpoint() {
        Map<String, Object> result = new HashMap<>();
        result.put("success", true);
        result.put("message", "权限认证成功！您拥有role:update权限");
        return result;
    }
    
    /**
     * 需要role:delete权限才能访问的端点
     */
    @PreAuthorize("hasAuthority('role:delete')")
    @GetMapping("/role/delete")
    @Operation(summary = "role:delete权限测试", description = "需要role:delete权限才能访问的测试端点",
               responses = @io.swagger.v3.oas.annotations.responses.ApiResponse(
                   responseCode = "200", description = "成功响应",
                   content = @Content(schema = @Schema(implementation = Map.class))))
    public Map<String, Object> roleDeleteEndpoint() {
        Map<String, Object> result = new HashMap<>();
        result.put("success", true);
        result.put("message", "权限认证成功！您拥有role:delete权限");
        return result;
    }
    
    /**
     * 获取当前用户的权限列表
     */
    @GetMapping("/user/permissions")
    @Operation(summary = "获取用户权限", description = "获取当前用户权限信息的测试端点",
               responses = @io.swagger.v3.oas.annotations.responses.ApiResponse(
                   responseCode = "200", description = "成功响应",
                   content = @Content(schema = @Schema(implementation = Map.class))))
    public Map<String, Object> getUserPermissions() {
        Map<String, Object> result = new HashMap<>();
        result.put("success", true);
        result.put("message", "请使用 /api/auth/me 接口查看当前用户信息和权限");
        return result;
    }
}